The phenomenal rate of development of computing hardware has been paralleled by development of the application of computers to an ever longer list of uses. Indeed, the number of present uses of computers is thousands of times larger than early manufacturers expected. This has been particularly noticeable with developments surrounding the Internet.
One of the reasons for this is the adoption of an “open platform” philosophy by the more successful computer manufacturers. A platform is the combination of hardware and operating system in which any application software must operate in order to function. An “open platform” is the opening by the manufacturer of the development of applications which use the platform to third party developers. This opening is the release of the knowledge of the architecture, operating environment and operating system quirks. While such an opening of a platform results in the development of many more applications than any one company can provide, it can also have results that are not so benign.
The development of the Internet, in addition to providing an enormous field of opportunity for application developers, has also provided direct access between computer users, software developers, providers of various services, and those who would exploit this direct access for their own purposes. One of the several means of exploitation is the Trojan Horse.
In software parlance, a Trojan horse, or Trojan for short, is a piece of software operating inside a computer that, while appearing to be something else, among other possibilities, allows an outside party to defeat the computer's security systems and gain access to an otherwise secure computer system. Trojans are almost always part of software that accomplishes something the user desires. Though not a requisite for the operation of a Trojan horse, the direct accessibility provided by the Internet is what gives the security breaching capability of the Trojan its usability. Some third-party software developers, unfortunately, have produced software containing Trojan horses.
Another unwanted phenomenon is the computer virus. A virus behaves much as its biologic namesake, infecting computer systems, performing unwanted actions and, unlike a Trojan, reproducing itself on other computer systems. While the rationale behind a virus is not as understandable as that of a Trojan horse, viruses do sometimes materialize in third-party software.
Further development of computer systems has enlarged the playing field for third-party developers. In recent years, new categories of computer systems have emerged. One of the more recent categories of computer systems is the portable or “palmtop” computer system, or personal digital assistant (PDA). A palmtop computer system is a computer that is small enough to be held in the hand of a user and is thus “palm-sized.” As a result of their size, palmtops are readily carried about in a briefcase or purse, and some palmtops are compact enough to fit into a person's pocket. Palmtop computer systems are also lightweight and so are exceptionally portable and convenient. A very recent development of palmtops is their direct Internet access capability.
One of the most important uses of the palmtop or PDA involves its ready synchronization with a host computer. Synchronization allows the near-instantaneous exchange of data and programs between a PDA and a laptop, desktop or workstation to which it is coupled, whether by cable, RF link or infrared connection. In this way it is extremely convenient to exchange data or load various application programs on a PDA. This is especially true of software that has been downloaded to the desktop from the Internet. Because the leading palmtop brands are all open platforms, an enormous library of very useful applications has been developed by a vibrant developer community and is available via the Internet.
Some palmtops are capable of direct access to the Internet. With direct access, they are able to synchronize files which are resident at some remote location over the net directly. Unfortunately, this means the field is ripe for those developers who would abuse the system with invasive routines in their software that would allow security breaches from the Internet connection.
Similar to synchronization, “beaming” of applications and data, via infrared connection (implemented on most popular brands), between palmtops or PDAs has become popular. This peer-to-peer exchange offers extraordinary convenience but brings with it another possible breach of on-board security.
Some data resident on some PDAs are confidential to the user. Modern corporate environments include thousands of users of PDAs who carry data vital to the corporate existence. Private users maintain the details of their private lives on their palmtops. Almost all users have data they don't want to share with unauthorized others or that they can't afford to lose. All of this data needs to be protected from loss or compromise.
The hotly competitive arena of corporate operations means that there are those who would use any means at hand to acquire another company's confidential data. Others, for reasons unfathomable to rational minds, would destroy users' work for the apparent fun of it.
There exists a need, then, to protect data files resident on a palmtop. Sometimes it is protected by password to exclude unauthorized access. Sometimes it is encrypted to prevent understanding of the data by an unauthorized person who does gain access to it. There are other means of restricting access to the data. These protection methods are typically implemented as security APIs (application provider interfaces). These security APIs are typically what are attacked by Trojan horse routines.
There is also a well-established supply of software packages that are capable of scanning files loaded on a computer from either the Internet or from packaged media. Some of these that protect against security encroachments are part of “firewall” and virus guard packages. As yet, however, the large size of such packages, together with the limited size of data storage on a typical palmtop, precludes the use of firewalls or other virus guards resident in the devices. If palmtops and PDAs were, as a category, closed platforms, it would be somewhat more difficult to write invasive routines, but the number of applications written would be suppressed, reducing use and, therefore, sales. A need exists, therefore, for some means of allowing a computer manufacturer to operate under an open platform system yet prevent the inadvertent installation of Trojan horses (and viruses) as part of the software used in a palmtop computing device.